Regulatory Repositories

Coline Zeballos

Yann Féat

Introduction

  • R has a meticulously maintained ecosystem, which is immensely valuable in a regulatory space
  • In a regulatory setting, trust in any software needs to be thoroughly documented (NOTE: replace with more precise wording based on HA documents)

Goals

  • Provide a community-maintained catalog of package quality indicators (“risk metrics”)
  • Serve quality indicators in a standard format
  • Thoroughly document the system used to perform quality assessment
  • Demonstrate how regulatory-ready risk assessments can be provided using public quality indicators
  • Serve subsets of packages that conform to a specified risk tolerance
  • Improve transparency of industry R package adoption, endorsement and regulator interaction

Interacting with the repo

Package risk filters

  • Helper package for system administrators
  • Restricts the packages available for installation to those that fit a policy
  • Uses package metadata in the repo
  • May be used together with manual checks (e.g. read a statistical review)
  • Example of automated filter for safety-critical activities:
    • Acceptance Criteria 1: “Code Coverage > 95%”
    • Acceptance Criteria 2: “Package documentation available”
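
The two acceptance criteria above, written as a plain filter function of the kind R's available_packages_filters option accepts. This is an added example, not the helper package's own code; the column names CodeCoverage and HasDocumentation, the 0-1 coverage scale and the sample packages are assumptions constructed for illustration.

```r
# Constructed sample shaped like the character matrix available.packages() returns.
# CodeCoverage and HasDocumentation are assumed column names, not the repo's real fields.
db <- matrix(
  c("pkgA", "1.0.0", "0.97", "1",
    "pkgB", "2.1.0", "0.80", "1",
    "pkgC", "0.3.1", "0.99", "0",
    "pkgD", "1.2.0", NA,     "1"),
  ncol = 4, byrow = TRUE,
  dimnames = list(NULL, c("Package", "Version", "CodeCoverage", "HasDocumentation"))
)
rownames(db) <- db[, "Package"]

# Returns a filter: a function that takes the package matrix and keeps passing rows.
make_policy_filter <- function(min_coverage = 0.95) {
  function(db) {
    needed <- c("CodeCoverage", "HasDocumentation")
    missing_cols <- setdiff(needed, colnames(db))
    if (length(missing_cols) > 0) {
      # Refuse to serve an unfiltered list when the metadata is absent.
      stop("metadata columns missing from repository index: ",
           paste(missing_cols, collapse = ", "))
    }
    # The index stores everything as text, so convert before comparing.
    coverage <- suppressWarnings(as.numeric(db[, "CodeCoverage"]))
    has_docs <- db[, "HasDocumentation"] %in% c("1", "TRUE", "yes")
    # Fail closed: a missing or unparsable metric does not meet the policy.
    keep <- !is.na(coverage) & coverage > min_coverage & has_docs
    db[keep, , drop = FALSE]
  }
}

policy <- make_policy_filter(0.95)
accepted <- policy(db)
rejected <- setdiff(db[, "Package"], accepted[, "Package"])

cat("accepted:", accepted[, "Package"], "\n")
cat("rejected:", rejected, "\n")

# To enforce the policy in a session while keeping R's default filters:
# options(available_packages_filters = list(add = TRUE, policy))
```

Passing the list without add = TRUE replaces R's default filters (R version, OS type, duplicates) instead of adding to them.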

Usage

Unfiltered

available.packages()
Package
1 colorspace
2 farver
3 isoband
106 tripack

Filtered

fltr <- risk_filter(
  ReverseDependencies >= 0.99)
options(available_packages_filters = fltr)
available.packages()
Package
1 colorspace
2 magrittr
3 R6
32 shinyjs

Repository ‘back-end’

Repository forked from r-hub/repos

Packages cohort validation

  • Risk metrics calculated on packages with new versions and on their reverse dependencies
  • Uses the GitHub API to fetch new release assets

package    version  ver_old  pkg_score  has_news
bslib      0.7.0    0.6.1    0.4998     1
dbplyr     2.5.0    2.4.0    0.4668     1
htmltools  0.5.8.1  0.5.7    0.4811     1